Social Security numbers
of faculty and administrators were mistakenly distributed via email to staff. The email went to 17 principals; at least one forwarded the email to her staff of 77. Those affected were contacted.

A laptop was stolen from Snyder on February 9. Snyder provided the accounting services for Murry's pension plan and others. The laptop may have contained Social Security numbers, dates of birth and pay information.

Information Source:
Dataloss DB

records from this breach used in our total:
0

March 31, 2006

Security Mutual Life Insurance Company of New YorkNew York, New York

BSF

PORT

167

The March 9 theft of a laptop resulted in the exposure of the personal information of disability insurance clients. Client names, Social Security numbers and dates of birth may have been exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
167

April 1, 2006

Con EdisonNew York, New York

BSO

PORT

15,000 Con Edison employees

Con Edison shipped two cartridge
tapes to JPMorgan Chase in upstate Binghamton so it could input data
on behalf of the NY Dept. of Taxation and Finance. One tape was apparently
lost and contained employees' W-2 data, including names, addresses, Social Security numbers,
taxes paid and salaries.

Information Source:
Dataloss DB

records from this breach used in our total:
15,000

April 1, 2006

Shorter CollegeRome, Georgia

EDU

HACK

Unknown

A student was arrested for computer theft and hacking the College's computer network. The student may have accessed student, staff and faculty information.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 6, 2006

Progressive Casualty InsuranceMayfield Village, Ohio

BSF

INSD

13

A dishonest insider accessed
confidential information, including names, Social Security numbers,
birth dates and property addresses on foreclosure properties she was
interested in buying.

Information Source:
Dataloss DB

records from this breach used in our total:
13

April 7, 2006

DiscountDomainRegistry.comBrooklyn, New York

BSO

DISC

thousands of domain
name registrations

Domain name registrants' personal information including user names, passwords and
credit card numbers was accessible online. The information may have been exposed online for four months.

Information Source:
Dataloss DB

records from this breach used in our total:
1,000

April 9, 2006

University of Medicine and Dentistry of New JerseyNewark, New Jersey

EDU

HACK

1,850

Hackers accessed Social
Security numbers, loan information, and other confidential financial
information of students and alumni.

Information Source:
Dataloss DB

records from this breach used in our total:
1,850

April 10, 2006

Broward County Records DivisionFort Lauderdale, Florida

GOV

DISC

Unknown

Broward County public records with Social Security numbers, driver's license information and bank account details were made available online. The information has been available online for several years. A new statute that will require county recorders to remove Social Security numbers and financial information from public documents before posting documents online will take effect in 2007. The sensitive information that has already been posted will eventually be removed. Individuals can speed up the process of having their specific information removed by submitting a written request.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 12, 2006

Ross-SimonsProvidence, Rhode Island

BSR

HACK

32,000

A security breach exposed
account and personal information of those who applied for Ross-Simons' private
label credit card. Information exposed includes private label credit
card numbers and other personal information of applicants.

Laptop computers were stolen from two employees of KPMG who were working with data from Greenpoint. The laptops are believed to have contained customer names, Social Security numbers and FICO scores. At least 32 people from New York alone were affected by the early March theft. Customers were notified during the middle of April.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 13, 2006

Fifth Third BankEvansville, Indiana

BSF

INSD

1,000

An employee was able to gain access to around 1,000 customer accounts. He used this information to stalk and harass female news celebrities. He now faces two felony counts of attempting to defraud using personal information and two misdemeanor counts of stalking and repeated harassment.

Information Source:
Dataloss DB

records from this breach used in our total:
1,000

April 14, 2006

NewTech ImagingHonolulu, Hawaii

BSO

INSD

40,000

Records containing the
names, Social Security numbers and birth dates of more than 40,000
members of Voluntary Employees Benefit Association of Hawaii were illegally
reproduced at a copying business before they were to be put onto a
compact disc for the State. Police later found the data on a computer
that had been confiscated as part of a drug investigation. Those who were on the list and Hawaii Government Employees Association and United Public Workers members who were enrolled in union-sponsored health and group life insurance plans between July and December 1999 were warned. Investigators were only able to speculate that the theft may have occurred in February of 2005.

Information Source:
Dataloss DB

records from this breach used in our total:
40,000

April 14, 2006

University of South CarolinaColumbia, South Carolina

EDU

DISC

1,400

A department chair distributing information about summer courses sent an email containing sensitive information. A database containing Social Security numbers
of students was mistakenly added as an attachment and e-mailed to classmates.

Information Source:
Dataloss DB

records from this breach used in our total:
1,400

April 17, 2006

Visiting Nurse Service of New York (VNSNY)New York, New York

MED

PORT

92

Three separate thefts resulted in the loss of three tablet computers. The computers were used by therapists who were making therapy treatment visits to patients. The personal information on the computers included Social Security numbers. VNSNY warned that unauthorized persons might use the stolen tablets to pose as therapists and enter patient homes.

Information Source:
Dataloss DB

records from this breach used in our total:
92

April 19, 2006

AflacColumbus, Georgia

BSF

PORT

Unknown

A laptop used to submit insurance applications was stolen from a field associate's home during a burglary. It may have contained the names and Social Security numbers of policyholders and certificate holders.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 20, 2006

Bear Stearns & Company Inc.New York, New York

BSF

DISC

Unknown

Customers seeking further information may call (212) 272-4275.

Bear Stearn's realized that unauthorized users could access customer accounts. Former customers could still log into on-line accounts if their account numbers had been recycled and given to new users. Such information included account holdings and activities, account statements and IRS Forms 1099-DIV and 1099-INT (which included name, address, account number and Social Security number).

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 21, 2006

University of Alaska, FairbanksFairbanks, Alaska

EDU

HACK

38,941

A hacker had access to names,
Social Security numbers, and partial e-mail addresses of current and
former students, faculty, and staff. The University reported that it would not contact those affected after a first and second notification. Anyone claiming to be from the University after these notifications should be viewed with suspicion.

Information Source:
Dataloss DB

records from this breach used in our total:
38,941

April 21, 2006

BoeingSeattle, Washington

BSO

PORT

3,600 current and former
employees

A laptop was taken from
a Boeing human resources employee at Sea-Tac airport. It contained
Social Security numbers and other personal information, including personnel information
from the 2000 acquisition of Hughes Space and Communications.

Information Source:
Dataloss DB

records from this breach used in our total:
3,600

April 21, 2006

Impac Funding CorporationNewport Beach, California

BSF

PORT

4,600

Customers may call (949) 475-6255.

Several laptops were stolen. Saved emails with the names and Social Security numbers of customers may have been on one of the stolen laptops.

A stolen computer contained the information of students who took engineering classes. The information included names, grades and student identification numbers. Hundreds of students are at risk of identity theft since Social Security numbers were used as student identification numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 24, 2006

College of New PaltzNew Paltz, New York

EDU

HACK

Unknown

A hacker accessed the Campus' primary web server and set up a file sharing system. The server involved also contained access databases that had names and Social Security numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 26, 2006

Purdue UniversityWest Lafayette, Indiana

EDU

HACK

1,351

A hacker accessed personal
information including Social Security numbers of current and former
graduate students, applicants to graduate school, and a small number
of applicants for undergraduate scholarships. The information compromised goes back three years prior to the incident. Those who were affected were contacted.

Information Source:
Dataloss DB

records from this breach used in our total:
1,351

April 26, 2006

Aetna, Omni Hotels and the Department of Defense NAFHartford, Connecticut

MED

PORT

38,253

A laptop containing personal
information including names, addresses and Social Security numbers
of Department of Defense (35,253) and Omni Hotel employees (3,000) was
stolen from an Aetna employee's car. Members were notified and Aetna offered to pay for the credit monitoring services of those who were affected.

Information Source:
Dataloss DB

records from this breach used in our total:
38,253

April 26, 2006

Pershing LLCJersey City, New Jersey

BSF

PORT

92,541

A Pershing employee lost a laptop computer. Personal information of clients may have been stored on the laptop. Names, Social Security numbers, addresses, brokerage account numbers and account holdings may have been exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
92,541

April 26, 2006

Amica Mutual InsuranceLincoln, Rhode Island

BSF

PORT

751 (number includes only New York residents)

An Amica computer tape with personal information regarding insurance claims was lost in transit. Amica believes the tape was also destroyed or badly damaged in transit.

Information Source:
Dataloss DB

records from this breach used in our total:
751

April 26, 2006

Sterling Renaissance FestivalSyracuse, New York

BSO

HACK

Unknown

Customers with questions may call (315) 947-5782.

Someone was able to access online orders of Brandywine Limited multiple times between 4/18/06 and 4/20/06. The online order forms include customer names, addresses, credit card numbers and credit card information. Some customers may have also had their telephone numbers and email addresses exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 27, 2006

Long Island Railrad via contractor Iron MountainJamaica, New York

GOV

PORT

17,000

Data tapes containing personal
information including names, addresses, Social Security numbers and
salary figures of virtually everyone who worked for or currently works for the
agency were lost. The lost occurred during delivery by contractor Iron Mountain.
Data tapes belonging to the U.S. Department of Veteran's Affairs may
also have been affected.

Information Source:
Dataloss DB

records from this breach used in our total:
17,000

April 28, 2006

Ohio Secretary of StateCleveland, Ohio

GOV

DISC

Potentially millions
of registered voters

The names, addresses, and
Social Security numbers of potentially millions of registered voters
in Ohio were included on CD-ROMs distributed to 20 political campaign
operations for spring primary election races. The records of about
7.7 million registered voters are listed on the CDs, but it's unknown
how many records contained Social Security numbers, which were not supposed to have been
included on the CDs.

UPDATE (9/15/06):
A news report said that some Social Security numbers still remain on the agency's Web
site.

Information Source:
Dataloss DB

records from this breach used in our total:
0

April 28, 2006

U.S. Department of DefenseWashington, District Of Columbia

GOV

HACK

14,000

A hacker accessed a Tricare
Management Activity (TMA) public server containing personal information
about military employees. TMA is used to provide health care services to military personnel and their families.

Information Source:
Dataloss DB

records from this breach used in our total:
14,000

April 28, 2006

Sears, Roebuck, Company Contractor ComplianceWinter Park, Florida

BSF

DISC

196

A spreadsheet with the business or individual names, identification or Social Security numbers, business addresses and business phone numbers of Sears contractors was accidentally included in an email sent to 373 contractors on April 13. The contractors were instructed to delete the email on April 24 and were also required to send written confirmation that they had done so.

Information Source:
Dataloss DB

records from this breach used in our total:
196

May 1, 2006

CBCInnovis Bank Inc., Great Florida BankMiami, Florida

BSF

UNKN

518

CBCInnovis, Inc. learned that Great Florida Bank had consumer information accessed without proper authorization. The information may have included names, addresses, Social Security numbers, names of creditors, account numbers, payment histories and financial public records.

Hackers accessed a computer
system of the school's alumni relations department that included
biographical information and 137,000 Social Security numbers of
alum.

UPDATE
(8/30/07) :
An Ohio judge has granted a motion to dismiss a case against Ohio
University (OU) regarding security breaches of the school's computer
systems that compromised alumni data. The two alumni who filed the
lawsuit wanted OU to pay for credit monitoring services for everyone
whose data were compromised. The judge said the pair had not proven
that they had suffered damages for which they could be compensated.

Information Source:
Dataloss DB

records from this breach used in our total:
137,000

May 2, 2006

Georgia State GovernmentAtlanta, Georgia

GOV

STAT

Unknown

Government surplus computers
that sold before their hard drives were erased contained credit card
numbers, birth dates, and Social Security numbers of Georgia citizens. The State stopped selling the computers after being notified by a buyer. Thousands of patient records from a psychiatric hospital in Rome, Georgia were found on one computer's hard drive.

Information Source:
Dataloss DB

records from this breach used in our total:
0

May 2, 2006

Countrywide Home LoansPlano, Texas

BSF

INSD

90

A former employee is suspected of ordering customer credit reports and providing some of those reports to a third party.

Information Source:
Dataloss DB

records from this breach used in our total:
90

May 4, 2006

Idaho Power CompanyBoise, Idaho

BSO

PORT

Unknown

Four company hard drives
were sold on eBay containing hundreds of thousands of confidential
company documents, employee names and Social Security numbers, and
confidential memos to the company's CEO.

Information Source:
Dataloss DB

records from this breach used in our total:
0

May 5, 2006

Wells FargoSan Francisco, California

BSF

STAT

Unknown

A computer containing names,
addresses, Social Security numbers and mortgage loan deposit numbers
of existing and prospective customers may have been stolen while being
delivered from one bank facility to another.

Information Source:
Dataloss DB

records from this breach used in our total:
0

May 5, 2006

New York State Department of Taxation and FinanceAlbany, New York

GOV

PORT

38

A sales tax field auditor reported a laptop missing. Contents of the laptop were unknown at the time of the report. The data exposed may have included sales tax audit reports and supporting documentation from closed sales tax audits on 38 businesses. Some of this information would include Social Security number, business and/or home address and bank account information.

Names, birth dates, Social
Security numbers and medical information were accessed in records
of students dating back to 2001, plus faculty, workers and regional
campus students.

Information Source:
Dataloss DB

records from this breach used in our total:
70,000

May 11, 2006

Merrill LynchNew York, New York

BSF

PORT

10,500 (Number includes only New York residents)

An employee's laptop computer was stolen during a burglary. The computer contained limited personal information of some current and former Merrill Lynch clients and prospects. The information included names, addresses, account and loan numbers, account and loan balances and the name of clients' financial advisors.

Information Source:
Dataloss DB

records from this breach used in our total:
10,500

May 11, 2006

Healthcare Business Resources (HBR)Durham, North Carolina

MED

DISC

Unknown

Google accessed confidential information on the HBR website and made the information available on the internet. Socail Security numbers, names, phone numbers, dates of birth, addresses and diagnostic information were accessible through Google. Access to the information is now restricted to authorized users with secure identification and passwords. The information was available between August 2005 and January of 2006.

Information Source:
Dataloss DB

records from this breach used in our total:
0

May 12, 2006

Mercantile Potomac BankGaithersburg, Maryland

BSF

PORT

48,000

A laptop containing confidential
information about customers, including Social Security numbers and
account numbers was stolen when a bank employee removed it from the
premises, in violation of the bank's policies. The computer did not
contain customer passwords, personal identification numbers (PIN numbers)
or account expiration dates. The bank contacted affected customers and offered them one year of free credit monitoring services.

Information Source:
Dataloss DB

records from this breach used in our total:
48,000

May 12, 2006

Annibell Mortgage Inc.Sayville, New York

BSF

STAT

300

Four computers with the personal information of clients were stolen during an early April burglary. The information did not include credit files, but did have other forms of private customer data.

Information Source:
Dataloss DB

records from this breach used in our total:
300

May 16, 2006

American Institute of Certified Public Accountants (AICPA)New York, New York

NGO

PORT

330,000 [Updated
6/16/06]

An unencrypted hard drive
containing names, addresses and Social Security numbers of AICPA members
was lost when it was shipped back to the organization by a computer
repair company. AICPA offered one year of free credit monitoring services to affected members.

Information Source:
Dataloss DB

records from this breach used in our total:
330,000

May 16, 2006

University of California BerkeleyBerkeley, California

EDU

HACK

1,200

During an investigation of a computer virus, it was discovered that computers within an office may have been accessed without authorization from within the campus network. Student, faculty and staff names and Social Security numbers were on archived spreadsheets. The spreadsheets contained the personal information of people who requested campus cards between 1998 and 2004.

Information Source:
Dataloss DB

records from this breach used in our total:
1,200

May 16, 2006

GE Money Bank, Lowe's Companies Inc.Philadelphia, Pennsylvania

BSF

PORT

150

GE Money Bank issues private label credit cards for Lowe's Companies Inc. A number of credit card applications were taken form a Lowe's store in Philadelphia by an unknown person. The information on the applications included names, Social Security numbers, dates of birth, addresses and Lowe's credit card account numbers. At least 11 consumers discovered fraudulent purchases at Lowe's stores.

Information Source:
Dataloss DB

records from this breach used in our total:
150

May 17, 2006

M &T Bank via contractor PFPCBuffalo, New York

BSF

PORT

Unknown

A laptop computer, owned
by PFPC, a third party company that provides record keeping services
for M & T's Portfolio Architect accounts was stolen from a vehicle.
The laptop contained clients' account numbers, Social Security numbers,
last name and the first two letters of their first name.

Information Source:
Security Breach Letter

records from this breach used in our total:
0

May 18, 2006

American Red Cross, St. Louis Chapter St. Louis, Missouri

NGO

INSD

1,000,000

A dishonest employee had access
to Social Security numbers of donors. The database was used to call previous donors and urge them to give blood
again. The employee misused the personal information of at least three
people to perpetrate identity theft and had access to the personal
information of one million donors.

Information Source:
Dataloss DB

records from this breach used in our total:
1,000,000

Breach Total

816,044,756 RECORDS BREACHED(Please see explanation about this total.)from 4,506 DATA BREACHES made public since 2005